Pages

Thursday, 13 September 2012

Suspicious sign in prevented - Google Mail sent me this message

Status: presumed harmless

I've had two emails ostensibly from Google (accounts-noreply@google.com) telling me that two separate attempts were made by an app to access my mum's* Gmail account, although I've not received anything telling me of any issues with my own Gmail account, and it's that which intrigues me the most.

In both cases the message says:
"Someone recently tried to use an application to sign into your Google Account [email address redacted]. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:
Day, Date, Time, in GMT
IP address: 92.250.162.248 (astra2connect.com)
Location: Sopot, Poland
(the second message has 233 as the final bit of the IP address) 
If you do not recognize (sic) this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset the password immediately. Find out how at support / google / reset_pw (within a normal looking URL that I can't be bothered to type).
If this was you and you want to give this application access... troubleshooting steps at [plausible looking URL]."
The astra2connect immediately made me think of ship satellite communications - the timing of the attempted logins coincide with my two journeys on ferries, once from Aberdeen to Kirkwall, Orkney and the other the return journey. In both cases the wifi is provided by direct satellite link rather than the more usual ground stations (this always thrills me a bit to be honest!) so I presume it's nothing more exciting than my iPhone mail app hooking up with the astra2connect satellite, firstly on the MV Hjaltland, secondly on MV Hrossan courtesy of the lovely Northlink Ferries (lovely, lovely ferries).

So far, so not sinister - but why does my own Gmail account not return this message? The use of the term 'hijacker' seems unusual in a Google communication too.

Googling the IP addresses and astra2connect didn't bring up anything obvious, or suspicious. I don't remember getting these messages back in June when I took Stena ferries (also lovely, lovely ferries) from Liverpool to Belfast and back again... I should probably double-check though.

*when my mum was on her deathbed a couple of years ago I set my iPhone mail system up so that I could intercept any messages sent to her Gmail account from wellwishers so that I could read them out on my visits to her and respond. Both mum and account are now dormant but the Gmail receives sporadic spam and I never send messages from it whereas I interact with my Gmail account several times a day.

No comments:

Post a Comment

Comment policy: I enthusiastically welcome corrections and I entertain polite disagreement ;) Because of the nature of this blog it attracts a LOT - 5 a day at the moment - of spam comments (I write about spam practices,misleading marketing and unevidenced quackery) and so I'm more likely to post a pasted version of your comment, removing any hyperlinks.

Comments written in ALL CAPS LOCK will be deleted and I won't publish any pro-homeopathy comments, that ship has sailed I'm afraid (it's nonsense).